Cloud Microsegmentation

Firewall at Scale

Workload segmentation has always been an effective part of security and micro-segmentation is the evolution of traditional workload segmentation, and, in any of its forms, it offers incomparable security to organizations of all sizes.

Kubernetes and containers introduce a new kind of internal, micro-segmentation traffic aka east-west traffic, in addition to the well-known north-south, outside cluster communication. This can potentially have a major impact in case there is a breach and one of the microservices is compromised. Therefore, it is imperative to limit microservices communication with least privilege principles in order to minimise blast radius in case compromised.

Multi-Cluster policy simplification & unification

Policy engine powered by eBPF, resulting in minimal utilisation on the resources

Microservices policy deployment for security and DevOps for seamless and frictionless operation

Expand Istio policy to a workload level segmentation

With micro-segmentation, security policies become part of the “DNA” of a given workload and persist regardless of where and how they are deployed. Alcide’s application-aware micro-segmentation solution offers additional security by helping to secure the application configuration since it looks at behavior patterns of workloads to determine if workloads have been compromised, and then quarantines or terminates those workloads to prevent the spread of malware. It also interconnects with third-party software to grab awareness about what workloads are doing, and how they should be behaving. Alcide application-aware micro-segmentation is more than just manipulating firewalls or preventing the routing of packets.

White paper

Microsegmentation Done Right in a Cloud-Native World

Blog

Micro-segmentation for Better Cloud Security

Alcide secures Kubernetes multi-cluster deployments from code-to-production. Companies use Alcide to scale their Kubernetes deployments without compromising on security. This enables the smooth operation of business apps while protecting cloud deployments from malicious attacks.